Encrypted Traffic Visibility

Providing Visibility of Threats at Scale Whilst Maintaining Security and Privacy

SSL/TLS: Safe Traffic or Just Invisible Traffic?

Encryption technology has enabled much greater privacy and security for enterprises that use the Internet to communicate and carry out business online. 

However, businesses are not the only ones to benefit from encryption. Threat actors have leveraged these same benefits to evade detection and to secure their malicious activities, launching 2.8 million encrypted attacks in 2019 so far.

70% of Malware Campaigns Using Encryption by 2020

Traditional threat inspection with bulk decryption, analysis, and re-encryption is not always practical or feasible, for performance and resource reasons. Also, it compromises privacy and data integrity. 

More than 70% of malware campaigns in 2020 will use some type of encryption to conceal malware delivery, command-and-control activity, or data exfiltration and 60% of organisations will fail to decrypt HTTPS efficiently, missing critical encrypted threats.

Gain Visibility of Encrypted Traffic Without Decryption

Our Encrypted Traffic Visibility (ETV) exposes threats and stops attacks hidden in encrypted traffic in milliseconds without decryption.

ETV detects known attack signatures and anomalous behaviour without decrypting source data by combining network TCP/IP and SSL metadata with AI, machine learning and behavioural analytics.

ETV ultimately delivers a lightweight, accurate solution that increases an organisations visibility while maintaining security and privacy.

Business

Benefits and Features

Business benefits are abundant when it comes to our Encrypted Traffic Visibilty solution.

U

Gain Visibility into Encrypted Traffic

Expose hidden threats and abnormal traffic without decryption.

Real-Time Threat Detection

Detect attacks and abnormal behaviour in milliseconds using a combination of machine learning and behavioural analytics.

Highly Accurate

Achieve 99.997% accuracy in attack detection and reduce false positives to 0.0006% of total traffic.

Smart Collection

By analysing traffic flow, initial TCP packets and SSL metadata we only collect 1% to 3% of the traffic to protect your bandwidth

Use Case

Resolving the TLS 1.3 Challenge

Better for Individuals - Harder for Enterprises

TLS version 1.3 addresses a number of things to make the protocol fit for the future:

  • It removes some old and creaky cryptography which we really shouldn’t be using anymore.
  • It makes a bunch of attacks less likely.
  • It adds some more robust connection privacy protection, intended to protect individuals from ‘pervasive monitoring’.

The challenge is that these changes will make the enterprise security model much, much harder!

TLS1.3 Makes Decryption Almost Impossible

Another new security feature in TLS 1.3, means that decryption is no longer allowed. It will see any decryption attempt as a “Man in the Middle” attack, and terminate the session. This means that any security products that need to decrypt will no longer work.

It’s also impossible to whitelist sites anymore because server certificates are encrypted and cannot be verified. So, current solutions will be unable to work out whether you’re communicating with your bank, or if malware on your machine is talking to its criminal masters, without breaking the connection.

Traditional Methods Are Failing

With TLS 1.3, organisations need to proxy for the entire duration of the connection. This reduces the privacy of your employees, massively increases equipment and power costs, and probably increases overall technical risk for the enterprise and its employees.

By looking at metadata, ours really is the only solution that provides visibility of threats at scale whilst maintaining privacy.

ETV provides high-performance visibility of inbound and outbound SSL/TLS traffic without the need for decryption, using TLS/SSL Metadata combined with machine learning and behavioural analytics to expose threats and stop attacks.

Want to Learn More?

Sign-Up For a Free Trial